Securing commerce and protecting customers

The Visa Intelligent Security approach offers our ecosystem partners dynamic, data-rich solutions that help balance fraud reduction, dispute prevention, and increased approvals so that businesses can thrive while customers are protected and satisfied – however they purchase, wherever they are. The Intelligent Security framework spans the entire transaction lifecycle:

• Account Onboarding and Management: Visa provides financial institutions with tools to identify identity fraud at account opening, and through our financial institution clients, Visa provides consumer tools to manage security, including restrictions on account use and customizing alerts.
• Consumer Identity and Authentication: We use artificial intelligence-powered authentication strategies to prevent unauthorized access to Visa accounts.
• Transaction Authorization: We aim to prevent fraud without inconveniencing consumers. We use tools such as Visa Advanced Authorization (VAA), which applies real-time artificial intelligence and machine learning to evaluate the trustworthiness of transactions.
• Dispute Management: We help consumers and issuers to proactively address transaction disputes through Visa tools such as Verifi, which provides issuers and customers access to transaction information from sellers via a global data-sharing network.
• Performance Optimization: An important piece of the Visa Intelligent Security strategy is our commitment to enhancing payment performance by reducing fraud and increasing efficiency.

Visa prevented nearly $26 billion in fraud in 2021 by using artificial intelligence to analyze global transaction data.

We leverage the following components to enact our cybersecurity strategy across the business:

• Policy: The Visa cybersecurity policy, Key Controls, details our approach to protecting our information assets and consumer nonpublic personal information. We assess the Key Controls annually and update as needed.
• Audit and Third-Party Certifications: To ensure the effectiveness of our cybersecurity approach and systems, we conduct annual internal and external audits of our IT infrastructure and applications and are subject to examination by the Federal Financial Institutions Examination Council (FFIEC) and other regulators. Examples of external reviews include: Payment Card Industry Data Security Standard (PCI DSS), Statement on Standards for Attestation Engagements (SSAE-18) and International Standard on Assurance Engagements (ISAE) 3402.
• Technical Controls: We use artificial intelligence and deep learning technology to monitor our network and understand the threats aimed at our company.
• Training: We provide new employees with Security Awareness Training and conduct annual training on Key Controls, as well as cyber awareness campaigns for all employees.
• Response and Resilience: We regularly conduct cross-functional response and resiliency exercises that involve multiple internal teams as well as external partners and agencies. 
• Collaboration: We continue to expand our global capabilities through Visa’s Cyber Fusion Framework to rapidly collect, analyze and use cyber-threat intelligence.

We believe consumers expect convenience, security and privacy from their payment experiences. To meet these expectations, Visa upholds the following commitments:

• Visa does not sell personal information. Our Global Privacy Notice describes how we share information, such as when we process payments, provide services to card issuers, prevent fraud or with a cardholder's consent.
• We only use personal information for defined, appropriate purposes. In addition to operating one of the world's largest electronic payments networks, we provide authentication, fraud management, loyalty, consulting and data processing services. We also create data products that give our clients insights into their business performance. These products contain data that is de-personalized to protect consumer privacy.
• We adhere to the highest legal standards everywhere we operate.
• We back our commitments with rigorous assessments. Our Global Privacy Program is built on a comprehensive controls framework to support testing and independent auditing.

Our Global Privacy Office, composed of twenty-five professionals around the world, is led by Visa’s Chief Privacy Officer and closely coordinates with several cross-functional governance bodies. The Corporate Risk Committee and the Visa Board’s Audit and Risk Committee oversee the Global Privacy Program and the risks related to data privacy, including our compliance with current and emerging data protection laws around the world.

Ongoing Privacy Office activities include:

• Chairing the cross-function Visa Data Use Council (VDUC), responsible for reviewing and advising on new products and services that use personal information
• Supporting compliance with global privacy and data protection laws
• Championing a culture of accountability for privacy and data use throughout Visa
• Conducting regular assessments, testing and auditing as appropriate
• Maintaining the Visa Privacy Center, which is designed to help consumers understand how Visa uses and protects their personal information

We understand that people want more information on the ways in which companies use data. To that end, we developed the following Data Values to capture, in plain language, the principles we believe should apply when companies engage with consumer data. We will use these values as a touchstone to inform Visa’s role as a leader in the payments ecosystem and when we engage in our own marketing or other programs directly with consumers. We hope these Values can serve as a “north star” to drive trust and security by bringing a “consumer first” posture to data use and privacy.

Visa is committed to ensuring the integrity of our payment system and to maintain and enhance trust in the Visa brand as the most secure way to pay. We do not tolerate the use of our networks and products for illegal activity, and we are vigilant in our efforts to deter illegal transaction activity on our network.

Visa’s Global Brand Protection Program manages situations where the Visa brand is associated with potentially illegal or brand-damaging activities, such as illegal internet gambling, illicit pharmaceutical sales, child abuse images and abuse of intellectual property rights.

As part of this program, Visa conducts the following initiatives:

• Works with acquiring banks to identify and terminate merchants that are selling illegal items goods and/or services
• Identifies potentially illegal merchant activity via machine-learning solutions
• Supports the U.S. Financial Coalition Against Child Exploitation and the U.S. based National Center for Missing and Exploited Children
• Combats counterfeiting and piracy in partnership with The International Anti-Counterfeiting Coalition